Top 5 Targets for Hackers in 2018

One of your top IT concerns for 2018 is likely cybersecurity. And if it’s not, it should be, as it is no longer a question of whether or not your company will experience some form of a cyberattack, it is a matter of when and how well you will be prepared.

While Fully Managed has provided a list of cybersecurity threats to watch out for in 2018, along with a downloadable white paper on how to protect your organization, it is good to first understand the threat level as it applies to your unique industry and business. In providing a list of the types of companies most likely to be the target of a hack, we hope to light a proverbial fire under those who find themselves detailed below.

The 5 Most Likely Targets for Cybercrime in 2018

1. Small Businesses

You will find one consistent statement when we address cybersecurity concerns for 2018 and beyond: While enterprise level businesses get all the press when it comes to data breaches, small businesses remain the primary target for hackers.

2017 data shows that anywhere between 62 to 70 percent of all hacks target SMBs. In the U.S. alone, a total of 14 million small businesses have been hacked over the past 12 months. For that reason, the Main Street Cybersecurity Act is making its way through the U.S. Senate. The bill intends to create a set of resources and guidelines that small businesses can use to protect themselves from the growing threat. While the Government of Canada has provided its own form of online information resources, it’s clearly not enough. This is a call to action that small businesses need to act on today, and Fully Managed is here to help.

2. Healthcare

Healthcare is a primary target year over year because of the fact that medical records provide the most intimate details of an individual’s identity. If healthcare is within the DNA of what your business or organization provides, then it’s time to tighten up.

But, there is a new threat to healthcare in 2018—Attacks on healthcare web apps.

TechRepublic reports that healthcare web apps are experiencing an average of over 1,500 unique attacks per day. The most common attacks involved cross-site scripting and local file inclusion, a behavior that suggests cybercriminals are attempting to plant malware downloaders in apps as opposed to stealing user data.

One big problem is that many healthcare service providers remain slow to update web applications and install necessary patches, a “bad practice” that allows hackers to exploit known vulnerabilities and insert malicious code. If your healthcare business doesn’t have the resource “bandwidth” to promptly perform updates, install an effective web application firewall, and monitor for traffic irregularities, then you will need to find an IT solutions provider who does.

3. Law Firms

The legal industry by default is a primary target because of the amount and type of data a law firm collects, stores, and uses on a daily basis.

Look no further than DLA Piper, a prominent global law firm that is ironically known for its expertise in cybersecurity. The firm was the victim of a vicious hack in June of 2017, a Petya ransomware attack that left them without access to their own data for at least three days. The DLA Piper hack was just one of ten major law firm attacks heard around the world in the same year. If current and prospective clients lose confidence in a law firm’s ability to manage their sensitive data, you can only imagine the impact it will have upon the legal industry as a whole.

4. Financial Services

This one is common sense, given that we’re dealing with literal dollars and cents. Any company that provides financial services for businesses and consumers alike is at great risk. While going after SMBs, healthcare providers, and law firms can be a lucrative endeavor for hackers armed with ransomware, targeting financial services goes straight to the source - hitting right where the money is. Recent data from IBM X-Force states that more than 200 million financial services records were breached last year, a figure that has risen by a startling 900 percent year over year.

One new financial area that is especially susceptible is cryptocurrency. As cryptocurrency (Bitcoin, Ethereum, etc.) valuations continue to rise, the number of hackers targeting online wallets, exchanges, and affiliate sites grows. While this is still a relatively niche financial market, the trend is indicative of how hackers will always chase the money, no matter what form it takes. Simply put, if you’re in financial services, you have significant cause for concern - bank on it.

5. Education (Public and Private Sector)

Cybercriminals seeking to exploit sensitive information for profit are increasingly targeting educational institutions. This is because they are finding weaker cybersecurity systems in place, when compared to big businesses, while at the same time being afforded access to one very valuable asset - student data. Student data can be used for ransom today, and again tomorrow as organized cybercriminals warehouse data regarding the future consumers of the world (our youth). Some school districts are willing to pay up, with many instances going unreported in fear of massive public backlash. One infamous (in name and activity) hacking group known as "The Dark Overlord" has been linked to a series of attacks on school districts across the border, causing the Department of Education to issue an alert for K-12 institutions.

The rise in popularity of private schools, and post-secondary trade schools, technical institutes, and vocational colleges have also opened the doors for hackers. Since these institutions operate as a business, the financial incentive for hackers is direct while the threat of financial ruin for stakeholders is very real.

____

While these 5 groups represent the top targets for cybercrime in 2018, no business, industry, or brand is isolated from the threat of a hack. Now is the time to ensure you and your team are educated on the threats that are out there, particularly any threats that are unique to your business or industry. Having a robust Cybersecurity strategy in place is the best place to start.